
Block 64 Compliance Review

October 12, 2023

Block 64's compliance puzzle ... solved!

Compliance frameworks are numerous, and they range from broad to narrowly focused. For Block 64, a leading provider of discovery and analytics for IT Asset Management, Cybersecurity and Cloud Enablement, it can be difficult to know which frameworks apply and which can safely be set aside. This article aims to answer the most commonly asked questions about Block 64's compliance position.

SOC 2 Type II

We can start at the top with one of the world’s most coveted and rigorous information security certifications, Service Organization Control (SOC) 2 Type II.

Block 64 secured this certification in 2021 and has completed its most recent renewal, covering July 2023 through July 2024. By doing so, Block 64 continues to demonstrate its ability to meet the very highest standards for maintaining the security of customer data.

ISO27K

The ISMS family of standards includes several potentially applicable standards and practices to which Block 64 adheres. While Block 64 does not currently hold an ISO27K certification, we rely on our SOC 2 Type II certification and its commonalities with the ISO27K stack to ensure coverage. Those standards could include:

  • ISO27001: Information security, cybersecurity and privacy protection.
  • ISO27017: Extends ISO27001 with additional controls for use in a cloud-based environment.
  • ISO27018: Builds on ISO27001 as a prerequisite and adds protection of personally identifiable information (PII).
  • ISO27701: While it includes a mapping to ISO27018, this is a far more extensive standard, typically adopted by PII controllers with Privacy Information Management System (PIMS) implementations, and it does not truly apply to Block 64's limited collection or processing.

Microsoft SSPA

Block 64 is an SSPA-compliant company!

SSPA (Microsoft's Supplier Security and Privacy Assurance program) is a set of requirements and practices that all Microsoft vendors who process "Microsoft Personal Data" or "Microsoft Confidential Data" must comply with in order to conduct business with Microsoft.

GDPR

Similar in scope to the ISO27018 and ISO27701 standards, Europe's GDPR framework seeks to ensure that individuals retain the right to know what personally identifiable information (PII) is collected about them and how it is used, and that they keep the ability to opt out of its collection. Block 64 takes data privacy incredibly seriously, and while we have not secured GDPR certification, we do adhere to the foundational principles of the framework.

For more information, see our description of any potentially personally identifiable data we collect, as well as Block 64's GDPR Data Protection Addendum.

CCPA

The California Consumer Privacy Act (CCPA) seeks to increase transparency for California residents, allowing them to understand how their data is collected and transacted. It regulates businesses that operate in California and that process PII for profit. Block 64 will never resell or process PII for such purposes. That said, Block 64 will certainly adhere to the principles of transparency in its data collection.

HIPAA

HIPAA statutes do not apply with regard to Block 64's data collection, as we do not encounter, interact with, gather or store Protected Health Information (PHI). Block 64 tools have been used many times in health care environments, where PHI privacy is of utmost concern, and while Block 64 does collect data from corporate systems and Active Directory or Entra ID, it never collects PHI or other patient data.
